Manifest

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
File:                     hesz_RfSMvvmsq22bLCv4N7pA7A.mft (raw, json)
Hash identifier:          SAaxc3d76x1Vr1RTkesL/Xv1ZW0VsZe76X/id9TAuac=
Subject key identifier:   5B:D7:90:8A:CC:9E:48:9F:CE:13:B9:39:41:F0:C6:F2:A5:89:CD:DC
Authority key identifier: 85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0
Certificate issuer:       /CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
Certificate serial:       019674C290ADC5CE1C39A59A0A44983A0AEC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
Manifest number:          039B
Signing time:             Sun 27 Apr 2025 01:00:30 +0000
Manifest this update:     Sun 27 Apr 2025 01:00:30 +0000
Manifest next update:     Mon 28 Apr 2025 01:00:30 +0000
Files and hashes:         1: hesz_RfSMvvmsq22bLCv4N7pA7A.crl (hash: WR2Hl9Yfo+e57291Uh1fYiM3rCsfs545l6zOLFu8BS0=)
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:74:c2:90:ad:c5:ce:1c:39:a5:9a:0a:44:98:3a:0a:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85eb33fd17d232fbe6b2adb66cb0afe0dee903b0
        Validity
            Not Before: Apr 27 01:00:30 2025 GMT
            Not After : Apr 28 01:00:30 2025 GMT
        Subject: CN=5bd7908acc9e489fce13b93941f0c6f2a589cddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c7:75:8a:12:27:b7:bf:17:26:a6:9d:19:27:
                    11:6c:9c:70:84:f9:68:c3:d9:73:f8:8f:21:98:2e:
                    1d:c6:05:95:c7:4b:97:e7:52:a6:92:16:4b:8f:63:
                    da:c2:bf:f6:39:a6:f3:fb:bd:bc:97:76:cd:91:8a:
                    95:e3:de:ca:71:33:4b:8e:ea:dc:1d:50:e6:b4:66:
                    1c:f8:da:fc:b4:ca:11:68:de:3f:87:86:14:c7:3b:
                    81:3b:1b:fa:db:95:f2:2b:3c:d0:b8:c7:d8:39:a3:
                    1c:82:20:0d:b8:81:00:e1:ae:c9:13:cf:f1:f4:3b:
                    c4:c2:94:56:e3:75:96:70:ae:a2:8f:7d:21:ef:31:
                    a2:1b:16:38:47:15:4c:f7:a1:af:81:b5:90:51:af:
                    f9:ba:77:31:3f:a6:ef:91:26:57:d9:7c:d1:6b:30:
                    35:ab:f2:45:04:64:6a:38:9e:d2:a8:20:00:6c:6d:
                    e5:a1:7a:7e:1a:46:a4:bf:04:91:9d:53:c8:62:ff:
                    ec:12:fa:15:d2:59:c1:67:ba:da:60:05:e7:94:f9:
                    c2:70:da:a4:c4:c5:51:6a:ad:e7:73:ea:73:41:ad:
                    81:65:e3:2b:2f:04:26:63:ab:56:1a:5a:f8:41:2d:
                    4a:ce:a7:7b:1e:78:c0:e6:7a:7c:8e:33:4d:d0:19:
                    be:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D7:90:8A:CC:9E:48:9F:CE:13:B9:39:41:F0:C6:F2:A5:89:CD:DC
            X509v3 Authority Key Identifier:
                keyid:85:EB:33:FD:17:D2:32:FB:E6:B2:AD:B6:6C:B0:AF:E0:DE:E9:03:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hesz_RfSMvvmsq22bLCv4N7pA7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.mft

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/ce824f-73c9-485e-8edc-8a38ea2b1f54/1/hesz_RfSMvvmsq22bLCv4N7pA7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4: inherit
                IPv6: inherit

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  inherit

    Signature Algorithm: sha256WithRSAEncryption
         05:c2:15:55:51:f4:36:bf:8c:0c:19:7d:7a:9f:1a:12:b4:55:
         ae:91:03:1e:52:01:af:85:a2:3c:78:06:3f:a9:55:62:22:55:
         b5:a4:c1:06:7b:6f:f2:a3:fb:31:00:f5:2f:a2:06:d9:39:56:
         bf:35:fb:3c:68:22:a5:d5:c4:e4:87:7f:f4:48:57:b3:25:71:
         1b:d2:55:6a:56:11:b1:02:fa:64:98:34:74:3c:49:cf:3d:b2:
         db:e7:f6:d3:57:e7:fa:1f:62:81:2b:a9:eb:61:9e:42:07:45:
         00:47:b1:b5:d1:02:0f:b2:c8:17:03:6b:1e:9e:14:d8:b2:e8:
         d9:c0:56:9c:bb:d9:5e:8f:9f:d3:da:10:34:2f:86:b5:3b:16:
         de:12:fb:5a:14:0f:c6:6d:5e:42:1b:5b:df:94:0e:64:b1:6c:
         74:e2:2e:de:eb:d5:ca:1b:08:f1:bc:66:29:80:79:be:9f:b0:
         cc:d1:ec:48:8e:ba:14:67:f7:b6:c4:3e:52:6c:a4:4f:8a:0b:
         de:f2:67:79:92:46:72:0c:88:3d:54:01:73:81:39:99:05:98:
         d3:de:88:13:46:c2:d1:7b:4a:46:0b:b1:f0:22:1f:69:df:de:
         a5:5a:97:f6:b7:c4:a7:d5:c8:68:a6:40:af:56:5c:39:77:5d:
         91:17:05:74
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZZ0wpCtxc4cOaWaCkSYOgrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZWIzM2ZkMTdkMjMyZmJlNmIyYWRiNjZjYjBhZmUwZGVl
OTAzYjAwHhcNMjUwNDI3MDEwMDMwWhcNMjUwNDI4MDEwMDMwWjAzMTEwLwYDVQQD
Eyg1YmQ3OTA4YWNjOWU0ODlmY2UxM2I5Mzk0MWYwYzZmMmE1ODljZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssd1ihInt78XJqadGScRbJxwhPlo
w9lz+I8hmC4dxgWVx0uX51KmkhZLj2Pawr/2Oabz+728l3bNkYqV497KcTNLjurc
HVDmtGYc+Nr8tMoRaN4/h4YUxzuBOxv625XyKzzQuMfYOaMcgiANuIEA4a7JE8/x
9DvEwpRW43WWcK6ij30h7zGiGxY4RxVM96GvgbWQUa/5uncxP6bvkSZX2XzRazA1
q/JFBGRqOJ7SqCAAbG3loXp+GkakvwSRnVPIYv/sEvoV0lnBZ7raYAXnlPnCcNqk
xMVRaq3nc+pzQa2BZeMrLwQmY6tWGlr4QS1Kzqd7HnjA5np8jjNN0Bm+XQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFvXkIrMnkifzhO5OUHwxvKlic3cMB8GA1UdIwQY
MBaAFIXrM/0X0jL75rKttmywr+De6QOwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMt
OGEzOGVhMmIxZjU0LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLm1mdDCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9jZTgyNGYtNzNjOS00ODVlLThlZGMtOGEzOGVhMmIxZjU0
LzEvaGVzel9SZlNNdnZtc3EyMmJMQ3Y0TjdwQTdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAGBAIAAQUAMAYEAgACBQAw
FQYIKwYBBQUHAQgBAf8EBjAEoAIFADANBgkqhkiG9w0BAQsFAAOCAQEABcIVVVH0
Nr+MDBl9ep8aErRVrpEDHlIBr4WiPHgGP6lVYiJVtaTBBntv8qP7MQD1L6IG2TlW
vzX7PGgipdXE5Id/9EhXsyVxG9JValYRsQL6ZJg0dDxJzz2y2+f201fn+h9igSup
62GeQgdFAEextdECD7LIFwNrHp4U2LLo2cBWnLvZXo+f09oQNC+GtTsW3hL7WhQP
xm1eQhtb35QOZLFsdOIu3uvVyhsI8bxmKYB5vp+wzNHsSI66FGf3tsQ+UmykT4oL
3vJneZJGcgyIPVQBc4E5mQWY096IE0bC0XtKRgux8CIfad/epVqX9rfEp9XIaKZA
r1ZcOXddkRcFdA==
-----END CERTIFICATE-----